Two things I can think of straight away but will
require you to do some work.
Use software restriction GPO. It will ensure on
corporate approved applications are the only ones that
can execute so even if installed by the user they
cannot launch it. It doesn't solve the problem but
makes sure even if installed it provides no use or
value to the user unless formally requested for
exemption or addition to the policy
Second thing. Use an MSI packaging tool to repackage
every approved application and in the process use your
own PKI structure to certify every application. Use
the GPO setting to ensure only your cert is the only
one trusted for application installation...therefore
not signed your cert it cannot be installed not matter
what level of access the user has to a workstation
___________________________________________________________ALL-NEW Yahoo! Messenger - all new features - even more fun! http://uk.messenger.yahoo.com
require you to do some work.
Use software restriction GPO. It will ensure on
corporate approved applications are the only ones that
can execute so even if installed by the user they
cannot launch it. It doesn't solve the problem but
makes sure even if installed it provides no use or
value to the user unless formally requested for
exemption or addition to the policy
Second thing. Use an MSI packaging tool to repackage
every approved application and in the process use your
own PKI structure to certify every application. Use
the GPO setting to ensure only your cert is the only
one trusted for application installation...therefore
not signed your cert it cannot be installed not matter
what level of access the user has to a workstation
___________________________________________________________ALL-NEW Yahoo! Messenger - all new features - even more fun! http://uk.messenger.yahoo.com
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]